Ruckus/ICX-7150


USB C Management Console Connection

[ 1783.328741] usb 3-3: new full-speed USB device number 4 using xhci_hcd
[ 1783.470048] usb 3-3: New USB device found, idVendor=10c4, idProduct=ea60
[ 1783.470052] usb 3-3: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1783.470054] usb 3-3: Product: CP2104 USB to UART Bridge Controller
[ 1783.470055] usb 3-3: Manufacturer: Silicon Labs
[ 1783.470057] usb 3-3: SerialNumber: 017C6EED
[ 1783.534393] usbcore: registered new interface driver usbserial
[ 1783.534405] usbcore: registered new interface driver usbserial_generic
[ 1783.534416] usbserial: USB Serial support registered for generic
[ 1783.550518] usbcore: registered new interface driver cp210x
[ 1783.550531] usbserial: USB Serial support registered for cp210x
[ 1783.550559] cp210x 3-3:1.0: cp210x converter detected
[ 1783.551382] usb 3-3: cp210x converter now attached to ttyUSB0
# tio -b 9600 /dev/ttyUSB0
[tio 07:47:59] tio v1.32
[tio 07:47:59] Press ctrl-t q to quit
[tio 07:47:59] Connected

ICX7150-48-Switch>

Parameter      Value
Baud Rate      9600
Data Bits      8
Parity         None
Stop Bits      1
Flow Control   None

Initial View

ICX7150-48-Switch>enable
No password has been assigned yet...
ICX7150-48-Switch#show config
INFO: empty config data in the primary area, try to read from backup
INFO: empty config data in the backup area also

Show IP

Initially the switch is configured for DHCP, with telnet access. To see the address:

ICX7150-48-Switch#show ip

     Switch IP address: 10.10.10.228
           Subnet mask: 255.255.255.0
Default router address: 10.10.10.1
   TFTP server address: 10.248.1.206
Configuration filename: None
        Image filename: None
            DNS Server: 10.10.10.1
                IP MTU: 1500


Initial telnet: "The ICX7150-24F, ICX7150-C08P, and ICX7150-C10ZP switches ship from the factory with SSH enabled and Telnet disabled. All other switches have Telnet enabled only."

ref: http://docs.ruckuswireless.com/fastiron/hardware/ruckus-icx-switch-qsg/GUID-A7D29C1A-2288-4121-A0B8-F7136EAF9291.html

Assign IP

(config)# ip address 172.31.0.1/24

or

(config)# ip address 172.31.0.1 255.255.255.0

Privilege Levels

There are 3 privilege levels, each with its own password keyword:

  1. super-user-password Super-user level password
  2. port-config-password Port level configuration password
  3. read-only-password Read-only level password

What each level allows:

  • Super User level - Allows complete read-and-write access to the system. This is generally for system administrators and is the only management privilege level that allows you to configure passwords.
  • Port Configuration level - Allows read-and-write access for specific ports but not for global (system-wide) parameters.
  • Read-only level - Allows access to the Privileged EXEC mode and User EXEC mode of the CLI but only with read access.

Set the passwords from configuration mode (enter enable first, using the super-user password if one is set):

enable
conf term

1. Set Super User level password:

enable super-user-password [PASSWORD]

2. Set Port Configure password:

enable port-config-password [PASSWORD]

3. Set Read Only level password:

enable read-only-password [PASSWORD]

To see which mode you are logged in as, use "sh who".

ref: https://docs.ruckuswireless.com/fastiron/08.0.60/fastiron-08060-securityguide/GUID-F35168E7-729D-46A2-ACE1-68148B01443D.html

Require Login

aaa authentication web-server default local
aaa authentication login default local

User Logins

no username super
username admin [password]

Recover from a Lost Password

  1. Reboot the device.
  2. At the initial boot prompt at system startup, enter b to enter the boot monitor mode.
  3. Enter no password at the prompt. (You cannot abbreviate this command.) This command will cause the device to bypass the system password check.
  4. Enter boot system flash primary at the prompt.

ref: https://docs.ruckuswireless.com/fastiron/08.0.60/fastiron-08060-securityguide/GUID-986D5DF0-BF7E-4327-9030-396433DFFD9D.html

Show Software Version and Hardware Model

>sh ver
  Copyright (c) 2017 Ruckus Wireless, Inc. All rights reserved.
    UNIT 1: compiled on Apr 12 2019 at 11:46:50 labeled as SPS08070db
      (25717216 bytes) from Primary SPS08070db.bin
        SW: Version 08.0.70dbT211
      Compressed Boot-Monitor Image size = 786944, Version:10.1.14T225 (mnz10114)
       Compiled on Thu Nov 15 12:59:22 2018

  HW: Stackable ICX7150-48-POEF
==========================================================================
UNIT 1: SL 1: ICX7150-48PF-4X1G POE 48-port Management Module
      Serial  #:XXXXXXXXXXX
      Current License: 4X1G
      P-ASIC  0: type B160, rev 11  Chip BCM56160_B0
==========================================================================
UNIT 1: SL 2: ICX7150-2X1GC 2-port 2G Module
==========================================================================
UNIT 1: SL 3: ICX7150-4X10GF 4-port 40G Module
==========================================================================
 1000 MHz ARM processor ARMv7 88 MHz bus
 8192 KB boot flash memory
 2048 MB code flash memory
 1024 MB DRAM
STACKID 1  system uptime is 336 day(s) 1 hour(s) 11 minute(s) 35 second(s)
The system started at 04:05:00 GMT+00 Sat Jan 01 2000

The system : started=cold start

Enable SSH

Note: Telnet is enabled by default and does not require a user login.

crypto key generate - http://docs.ruckuswireless.com/fastiron/08.0.50/fastiron-08050-commandref/GUID-74724EE0-E8FB-46A1-8FBA-9E2F342D5B93.html

To enable SSH, you generate a DSA or RSA host key on the device. The SSH server on the Brocade device uses this host DSA or RSA key, along with a dynamically generated server DSA or RSA key pair, to negotiate a session key and encryption method with the client trying to connect to it. While the SSH listener exists at all times, sessions cannot be started from clients until a host key is generated. After a host key is generated, clients can start sessions. When a host key is generated, it is saved to the flash memory of all management modules. The time to initially generate SSH keys varies depending on the configuration, and can be from under a minute to several minutes.
To disable SSH, you delete all of the host keys from the device. When a host key is deleted, it is deleted from the flash memory of all management modules.


Enable SSH: [1]

## Generate keys
crypto key generate dsa
# Add admin user:
username admin pri 0 password passphrase
# enable 
aaa authentication login default local

Then wait. Key generation takes about 5 minutes, and you will eventually see:

DSA Key pair is successfully created

.. ..

root@server:~# ssh admin@10.10.10.100
Unable to negotiate with 10.10.10.100 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1

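Fix it on the switch by selecting the stronger key exchange method:

ip ssh key-exchange-method dh-group14-sha1

or work around it from the SSH client by allowing the legacy algorithms for this one connection: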

 ssh -v -oKexAlgorithms=+diffie-hellman-group1-sha1 -oHostKeyAlgorithms=+ssh-dss -caes256-cbc 10.10.10.100


Generate keys:

(config)#crypto key generate rsa modulus 2048
(config)#ip ssh key-exchange-method dh-group14-sha1
Warning: This operation would close all existing SSH connection.
(config)#username admin privilege 0 password [PASSWORD]
   DECIMAL   <0 READ-WRITE, 4 PORT-CONFIG, 5 READ-ONLY> User privilege level
(config)#aaa authentication login default local

To require local authentication for enable as well:

(config)#aaa authentication enable default local

To enter privileged mode automatically after login (use in labs only, not production):

(config)#aaa authentication login privilege-mode 

To change password:

(config)#username admin password [PASSWORD]


ref: https://robrobstation.com/2017/07/17/ruckus-icx7150-c12p-initial-configuration/

Sample config:

ICX7150-48-Switch(config)#write terminal
Current configuration:
!
ver 08.0.61aT211
!
stack unit 1
  module 1 icx7150-48-port-management-module
  module 2 icx7150-2-copper-port-2g-module
  module 3 icx7150-4-sfp-plus-port-40g-module
!
!
!
!
!
!
!
!
!
!
aaa authentication enable default local
aaa authentication login default local
ip address 10.10.10.228 255.255.255.0 dynamic
ip default-gateway 10.10.10.1 dynamic
!
username admin password .....
!
!
interface ethernet 1/3/1
 speed-duplex 1000-full
!
interface ethernet 1/3/2
 speed-duplex 1000-full
!
interface ethernet 1/3/3
 speed-duplex 1000-full
!
interface ethernet 1/3/4
 speed-duplex 1000-full
!
!
!
!
!
!
ip ssh  key-exchange-method dh-group14-sha1
!
!
end


Disable SSH

Delete the host keys

crypto key zeroize
crypto key zeroize dsa

crypto key generate - http://docs.ruckuswireless.com/fastiron/08.0.50/fastiron-08050-commandref/GUID-74724EE0-E8FB-46A1-8FBA-9E2F342D5B93.html

To disable SSH, you delete all of the host keys from the device. When a host key is deleted, it is deleted from the flash memory of all management modules.

Disable Telnet

Once SSH is enabled, telnet is best disabled.

(config)#no telnet server
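
The settings from the Require Login, Enable SSH and Disable Telnet sections can be checked against a saved "write terminal" dump. The script below is an added example, not part of the original page or of any Ruckus tooling; it assumes a disabled Telnet server appears in the configuration as the literal line "no telnet server", and that a switch without the key-exchange line behaves like the one in the SSH error shown above.

```python
import re

# Sample input: management-plane lines from the "write terminal" output on this
# page (password elided there too). Note the double space in "ip ssh  ...".
SAMPLE_CONFIG = """\
aaa authentication enable default local
aaa authentication login default local
ip address 10.10.10.228 255.255.255.0 dynamic
!
username admin password .....
!
ip ssh  key-exchange-method dh-group14-sha1
!
end
"""

# (finding id, config line that must be present, why); commands as given on this page.
REQUIRED = [
    ("telnet-enabled", "no telnet server",
     "Telnet is on by default and sends logins in clear text"),
    ("login-no-aaa", "aaa authentication login default local",
     "CLI login is not tied to local user accounts"),
    ("enable-no-aaa", "aaa authentication enable default local",
     "enable is not tied to local user accounts"),
    ("web-no-aaa", "aaa authentication web-server default local",
     "web management is not tied to local user accounts"),
    ("ssh-kex-group1", "ip ssh key-exchange-method dh-group14-sha1",
     "SSH still offers diffie-hellman-group1-sha1 (assumed from the error above)"),
]
# (finding id, config line that must be absent, why)
FORBIDDEN = [
    ("auto-privilege", "aaa authentication login privilege-mode",
     "logins land directly in privileged mode (lab use only)"),
]

def normalize(config_text):
    """Collapse runs of whitespace and drop '!' separators; return the set of lines."""
    lines = (re.sub(r"\s+", " ", raw.strip()) for raw in config_text.splitlines())
    return {line for line in lines if line and line != "!"}

def audit(config_text):
    """Return [(finding id, explanation)] for one running-config dump."""
    lines = normalize(config_text)
    findings = [(fid, why) for fid, cmd, why in REQUIRED if cmd not in lines]
    findings += [(fid, why) for fid, cmd, why in FORBIDDEN if cmd in lines]
    return findings

if __name__ == "__main__":
    for fid, why in audit(SAMPLE_CONFIG):
        print(f"{fid}: {why}")
```

Run against the sample configuration on this page, it reports that Telnet is still enabled and that the web server is not bound to local accounts.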

Clock

Daylight Saving (Summer Time) [2]

clock summer-time zone us pacific start 02-28-21 02:00:00 end 10-30-21 02:00:00 offset 60

Note: Will have to be updated each year.

Enable POE

See Ruckus/ICX-6450-48#Enable POE

Firmware

Newer firmware combines the bootrom and firmware images into a single file, called the Unified FastIron Image (UFI) [3]

"Ruckus recommends that you always use the manifest file for any image upgrade or downgrade." [4]
"If you are upgrading from FastIron release 08.0.80 to release 08.0.90, Ruckus recommends using SCP to transfer files." [5]
"Software images for all RUCKUS ICX devices can be uploaded and downloaded between flash modules on the device and a TFTP, SCP, HTTPS, or USB module on the network." [6]
Ruckus FastIron Software Upgrade Guide, 08.0.90 PDF [7]
username: super
default password: sp-admin
copy tftp system-manifest 10.0.0.10 FI08090j_Manifest.txt all-images-primary
copy tftp flash 10.0.0.10 ICX7150/Images/SPS08090j.bin primary
copy tftp system-manifest 10.0.0.10 FI08090_Manifest.txt all_images_primary
copy tftp system-manifest 10.0.0.10 FI08090_Manifest.txt primary


! Doesn't work, due to TFTP issues
copy tftp system-manifest 10.0.0.10 08080f/FI08080f_Manifest.txt all-images-primary


copy tftp flash 10.0.0.10 08080f/ICX7150/Boot/mnz10114.bin bootrom
! wait for this command to complete!
! wait for this command to complete!
! wait for this command to complete!
erase flash primary
copy tftp flash 10.0.0.10 08080f/ICX7150/Images/SPS08080f.bin primary
! wait for this command to complete!
! wait for this command to complete!
! wait for this command to complete!
erase flash secondary
copy tftp flash 10.0.0.10 08080f/ICX7150/Images/SPR08080f.bin secondary
! wait for this command to complete!
! wait for this command to complete!
! wait for this command to complete!
show flash
config t
boot sys flash prim
exit
wr mem
reload
copy tftp system-manifest 10.0.0.10 08090j/FI08090j_Manifest.txt all-images-primary
copy tftp system-manifest 10.0.0.10 08090j/FI08090j_Manifest.txt primary
copy tftp system-manifest 10.0.0.10 08090j/FI08090j_Manifest.txt secondary
copy scp system-manifest 10.0.0.10 /tftp/08090j/FI08090j_Manifest.txt primary


copy tftp system-manifest 10.0.0.10 08090d/FI08090d_Manifest.txt all-images-primary
copy tftp system-manifest 10.0.0.10 08090d/FI08090d_Manifest.txt primary
copy tftp system-manifest 10.0.0.10 08090d/FI08090d_Manifest.txt secondary


erase flash primary
erase flash secondary
copy tftp flash 10.0.0.10 08090d/ICX7150/Boot/mnz10115.bin bootrom
copy tftp flash 10.0.0.10 08090d/ICX7150/Images/SPS08090d.bin primary
copy tftp flash 10.0.0.10 08090d/ICX7150/Images/SPR08090d.bin secondary
copy tftp flash 10.0.0.10 08090d/ICX7150/Images/SPS08090dufi.bin primary
copy tftp flash 10.0.0.10 08090d/ICX7150/Images/SPS08090dufi.bin secondary
copy tftp flash 10.0.0.10 08090d/ICX7150/Images/SPR08090dufi.bin secondary


erase flash primary
copy tftp flash 10.0.0.10 08090j/ICX7150/Images/SPS08090jufi.bin primary
erase flash secondary
copy tftp flash 10.0.0.10 08090j/ICX7150/Images/SPR08090jufi.bin secondary
! Enable SSH
crypto key generate dsa
conf t
crypto key generate dsa
end
copy scp flash 10.0.0.10 /tftp/08090d/ICX7150/Boot/mnz10115.bin bootrom
copy scp flash 10.0.0.10 /tftp/08090d/ICX7150/Images/SPS08090d.bin primary
show flash
config t
boot sys flash prim
exit
wr mem
reload
copy scp flash 10.0.0.10 /tftp/08090j/ICX7150/Images/SPS08090jufi.bin primary
copy scp flash 10.0.0.10 /tftp/08090j/ICX7150/Images/SPS08090jufi.bin secondary
! Copy primary to secondary
copy flash flash secondary
show flash
config t
boot sys flash prim
exit
wr mem
reload
! Write POE Flash
inline power install-firmware stack-unit 1 scp 10.0.0.10 /tftp/08090j/ICX7150/Firmware/icx7xxx_poe_02.1.1.b002.fw
Error: No Unit in the system has PoE module
poe fw ref: https://docs.commscope.com/bundle/fastiron-08030-adminguide/page/GUID-2E378DEB-4CD3-41F8-90E4-28EA47BCAD28.html


sh inl pow det

Firmware
Version
----------------
02.1.1 Build 002

Hardware
Version
----------------
V2R4


boot system flash secondary
# permanent
boot system flash primary yes
ref: http://docs.ruckuswireless.com/fastiron/08.0.50/fastiron-08050-commandref/GUID-9B008914-403A-4FE1-8445-5DCD63F9A1A2.html


sh boot-preference


ref: Configure SSH on a Ruckus Switch - https://luiscachog.io/configure-ruckus-switch/
device(config)# crypto-ssl certificate generate
device(config)# username USERNAME password PASSWORD
device(config)# aaa authentication login default local
device(config)# aaa authentication web-server default local

TFTP session timed out - on boot

Summary: TFTP session timed out messages on console after boot up

Question: Why do "TFTP session timed out" messages appear on the console after boot up?

Customer Environment: FI 07.1.00

-- Root Cause --

In the FastIron series, starting from FI 07.1.00, DHCP Client-Based Auto-Configuration is supported and enabled by default. DHCP
Client-Based Auto-Configuration allows Layer 2 and Layer 3 devices to automatically obtain leased IP addresses through a DHCP server,
negotiate an address lease renewal, and obtain the flash image and configuration files. For the details, please refer to FastIron
configuration guide.

The above messages mean the FastIron switch got an IP address from the DHCP server and is trying to get a configuration file from the
TFTP server, but there is no response from the TFTP server. The messages can be ignored if the user is not trying to download a
configuration file from the TFTP server.

-- Troubleshooting Steps --

In FastIron 7.1.00 and later, when booting up the FastIron switch, the user is seeing the following messages on console and an
output in show log:

##console
FWS648G Switch#TFTP session timed out
FWS648G Switch#TFTP session timed out

##show log
0d00h03m30s:D:DHCPC: TFTP unable to download running-configuration
0d00h03m13s:D:DHCPC: sending TFTP request for bootfile name fws-switch.cfg
0d00h02m56s:D:DHCPC: sending TFTP request for bootfile name brocade.cfg
0d00h02m39s:D:DHCPC: sending TFTP request for bootfile name foundry.cfg
0d00h02m22s:D:DHCPC: sending TFTP request for bootfile name FWS648G-Switch0024.38fb.9000.cfg
0d00h02m05s:D:DHCPC: sending TFTP request for bootfile name FWS648G-Switch0024.38fb.9000-config.cfg
0d00h01m49s:D:DHCPC: sending TFTP request for bootfile name FWS648G-Switch0024.38fb.9000-config.cfg
0d00h01m33s:D:DHCPC: sending TFTP request for bootfile name FWS648G-Switch0024.38fb.9000-config.cfg
0d00h01m17s:D:DHCPC: sending TFTP request for bootfile name FWS648G-Switch0024.38fb.9000-config.cfg
0d00h01m01s:D:DHCPC: sending TFTP request for bootfile name FWS648G-Switch0024.38fb.9000-config.cfg 

-- Resolution --

If the user does not want to see such a message, users can do the following: 

1. Configure the IP address on the switch statically
2. Configure the no ip dhcp-client enable command.

ref: [8]
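
To find switches that still have DHCP Client-Based Auto-Configuration active, the "show log" output above can be summarized mechanically. The script below is an added example, not part of the KB article or of any Ruckus tooling; the function name and the result keys are assumptions made for illustration, and the log lines are the ones quoted above.

```python
import re
from collections import Counter

# "show log" lines copied from the KB excerpt above (newest entry first).
SHOW_LOG = """\
0d00h03m30s:D:DHCPC: TFTP unable to download running-configuration
0d00h03m13s:D:DHCPC: sending TFTP request for bootfile name fws-switch.cfg
0d00h02m56s:D:DHCPC: sending TFTP request for bootfile name brocade.cfg
0d00h02m39s:D:DHCPC: sending TFTP request for bootfile name foundry.cfg
0d00h02m22s:D:DHCPC: sending TFTP request for bootfile name FWS648G-Switch0024.38fb.9000.cfg
0d00h02m05s:D:DHCPC: sending TFTP request for bootfile name FWS648G-Switch0024.38fb.9000-config.cfg
0d00h01m49s:D:DHCPC: sending TFTP request for bootfile name FWS648G-Switch0024.38fb.9000-config.cfg
0d00h01m33s:D:DHCPC: sending TFTP request for bootfile name FWS648G-Switch0024.38fb.9000-config.cfg
0d00h01m17s:D:DHCPC: sending TFTP request for bootfile name FWS648G-Switch0024.38fb.9000-config.cfg
0d00h01m01s:D:DHCPC: sending TFTP request for bootfile name FWS648G-Switch0024.38fb.9000-config.cfg
"""

ENTRY = re.compile(r"^(\d+)d(\d+)h(\d+)m(\d+)s:\w:DHCPC: (.*)$")
REQUEST = re.compile(r"sending TFTP request for bootfile name (\S+)")

def summarize_autoconfig(log_text):
    """Summarize DHCP client auto-configuration activity found in 'show log' text."""
    events = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if m:
            d, h, mi, s = (int(x) for x in m.groups()[:4])
            events.append((((d * 24 + h) * 60 + mi) * 60 + s, m.group(5)))
    events.sort(key=lambda e: e[0])   # oldest first, by uptime in seconds
    attempts = Counter()              # keeps first-seen (chronological) order
    for _, message in events:
        req = REQUEST.search(message)
        if req:
            attempts[req.group(1)] += 1
    return {
        "active": bool(attempts),     # the switch asked a TFTP server for a config
        "failed": any("unable to download" in msg for _, msg in events),
        "bootfiles": list(attempts.items()),
        "window_s": events[-1][0] - events[0][0] if events else 0,
    }

if __name__ == "__main__":
    summary = summarize_autoconfig(SHOW_LOG)
    print(summary["active"], summary["failed"], summary["window_s"])
    for name, count in summary["bootfiles"]:
        print(f"{count}x {name}")
```

A result with "active" set means the switch requested a configuration file over TFTP at boot, so one of the two resolution steps above has not been applied to it.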

SFP

GBIC

# show media
...
Port 1/3/1:  Type  : EMPTY
Port 1/3/2:  Type  : EMPTY
Port 1/3/3:  Type  : 1G M-TX(SFP)
Port 1/3/4:  Type  : EMPTY
# sh media et 1/3/3
Port   1/3/3: Type  : 1G M-TX(SFP)
             Vendor: XXX    Version: D1
             Part# : SFP-1000BASE-TX    Serial#: XXX
# sh int bri
..
1/3/3      Up      Forward Full 1G    None  No  1    0   xxxx.xxxx.xxxx
#sh int et 1/3/3
10GigabitEthernet1/3/3 is up, line protocol is up

Note: If a 1-Gbps optic transceiver is inserted, you must configure the port using the speed-duplex 1000-full-master command at the interface level. [1]

Enable port: [2]

# conf term
# int ethernet 1/3/3
# speed-duplex 1000-full-master

or short form: [3]

config t
int e 1/2/1
speed 1000-full
# sh run
...
stack unit 1
  module 1 icx7150-48pf-poe-port-management-module
  module 2 icx7150-2-copper-port-2g-module
  module 3 icx7150-4-sfp-plus-port-40g-module
  stack-port 1/3/1
  stack-port 1/3/3
!
interface ethernet 1/3/3
 speed-duplex 1000-full
!
